Cyber Incident Victim: Säkylän kunta
Date:
Dec 2022
Location:
Finland
Summary
A cyberattack targeted a municipality in Satakunta, Finland, causing widespread disruptions to its information systems. The incident resulted in partial or complete failures across multiple systems, including temporary issues with patient record systems that were subsequently restored. Ongoing technical investigations continued beyond the holiday period, though the perpetrators remained unidentified. Local authorities filed a police report and coordinated with national government agencies while maintaining operational updates to municipal leadership throughout the response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 18, 2022, the municipality of Säkylä in Finland's Satakunta region detected a cyber attack disrupting its information systems. The incident caused widespread operational failures, with some systems functioning only partially and others becoming entirely inoperable. Among the affected infrastructure were critical patient record systems, though municipal authorities managed to restore these systems following the initial disruption. Säkylä's municipal manager, Teijo Mäenpää, confirmed the attack's discovery on Sunday and acknowledged that troubleshooting efforts would extend beyond the Christmas holidays, including work during the holiday period itself. The municipality promptly filed a criminal report with law enforcement and notified relevant government agencies of the breach. By Monday evening, the municipal board had also been briefed on the developing situation. No operational timelines for full system restoration were disclosed, nor were specific details provided about the duration of the patient record system outages prior to their repair.
The attack's origin remained unidentified, with authorities offering no information about potential perpetrators or external threat actors. Municipal leadership maintained public communication regarding ongoing technical challenges but did not disclose the attack's methodological specifics or whether data exfiltration occurred. Impact assessments focused solely on system functionality disruptions rather than financial losses or compromised data categories. Response efforts prioritized system restoration and coordination with state authorities, though no external cybersecurity partners or specialized incident response teams were referenced in public statements. Operational continuity measures during the outage period were not detailed, leaving the scope of municipal service interruptions—beyond healthcare systems—unclarified. The incident marked a sustained disruption to local governance infrastructure, with recovery operations persisting through the end of the calendar year.